Sun Microsystems
Systems Architecture Committee
_________________________________________________________________

Subject:      Sg3 Utilities
Submitted by: Xiao Li
File:         PSARC/2008/683/opinion.txt
Date:         November 24th, 2008
Committee:    Mark Carlson (opinion written by Xiao Li), James Carlson,
              Glen Skinner, Kais Belgaied
Product Approval Committee:
              Solaris PAC
              solaris-pac-opinion@sun.com

1. Summary

The Sg3 Utilities, targeted at storage developers, send SCSI commands
to storage devices. They operate on transports traditionally associated
with SCSI (e.g. Fibre Channel (FCP), Serial Attached SCSI (SAS) and the
SCSI Parallel Interface (SPI)), essentially any device that uses SCSI
command sets. ATAPI CD/DVD drives and SATA disks that connect via a
translation layer or a bridge device are other examples of devices that
use SCSI command sets.

This is a package that is available on Fedora, Debian and Windows and
is being provided for familiarity to developers from those environments.

2. Decision & Precedence Information

The project is approved for delivery in a minor release of Solaris.

3. Interfaces

The project exports the following interfaces.
 _______________________________________________________________________
|                          Interfaces Exported                          |
|__________________________________________|______________|_____________|
|Interface                                 |Classification|Comments     |
|__________________________________________|______________|_____________|
|SUNWsg3utilsr                             |Uncommitted   |Package Name |
|SUNWsg3utilsu                             |Uncommitted   |Package Name |
|/usr/sbin/sg_get_config                   |Uncommitted   |Command      |
|/usr/sbin/sg_ident                        |Uncommitted   |Command      |
|/usr/sbin/sg_inq                          |Uncommitted   |Command      |
|/usr/sbin/sg_logs                         |Uncommitted   |Command      |
|/usr/sbin/sg_luns                         |Uncommitted   |Command      |
|/usr/sbin/sg_modes                        |Uncommitted   |Command      |
|/usr/sbin/sg_opcodes                      |Uncommitted   |Command      |
|/usr/sbin/sg_persist                      |Uncommitted   |Command      |
|/usr/sbin/sg_prevent                      |Uncommitted   |Command      |
|/usr/sbin/sg_raw                          |Uncommitted   |Command      |
|/usr/sbin/sg_rdac                         |Uncommitted   |Command      |
|/usr/sbin/sg_read_buffer                  |Uncommitted   |Command      |
|/usr/sbin/sg_read_long                    |Uncommitted   |Command      |
|/usr/sbin/sg_readcap                      |Uncommitted   |Command      |
|/usr/sbin/sg_reassign                     |Uncommitted   |Command      |
|/usr/sbin/sg_requests                     |Uncommitted   |Command      |
|/usr/sbin/sg_rmsn                         |Uncommitted   |Command      |
|/usr/sbin/sg_rtpg                         |Uncommitted   |Command      |
|/usr/sbin/sg_safte                        |Uncommitted   |Command      |
|/usr/sbin/sg_sat_identify                 |Uncommitted   |Command      |
|/usr/sbin/sg_sat_phy_event                |Uncommitted   |Command      |
|/usr/sbin/sg_sat_set_features             |Uncommitted   |Command      |
|/usr/sbin/sg_senddiag                     |Uncommitted   |Command      |
|/usr/sbin/sg_ses                          |Uncommitted   |Command      |
|/usr/sbin/sg_start                        |Uncommitted   |Command      |
|/usr/sbin/sg_stpg                         |Uncommitted   |Command      |
|/usr/sbin/sg_sync                         |Uncommitted   |Command      |
|/usr/sbin/sg_turs                         |Uncommitted   |Command      |
|/usr/sbin/sg_verify                       |Uncommitted   |Command      |
|/usr/sbin/sg_vpd                          |Uncommitted   |Command      |
|/usr/sbin/sg_wr_mode                      |Uncommitted   |Command      |
|/usr/sbin/sg_write_buffer                 |Uncommitted   |Command      |
|/usr/sbin/sg_write_long                   |Uncommitted   |Command      |
|/usr/lib/libsgutils2.so                   |Private       |Symbolic Link|
|/usr/lib/libsgutils2.so.2                 |Private       |Symbolic Link|
|/usr/lib/libsgutils2.so.2.0.0             |Private       |Shared       |
|                                          |              |Library File |
|/usr/share/man/man1m/sg_read_long.1m      |Uncommitted   |Manpage      |
|/usr/share/man/man1m/sg_safte.1m          |Uncommitted   |Manpage      |
|/usr/share/man/man1m/sg_senddiag.1m       |Uncommitted   |Manpage      |
|/usr/share/man/man1m/sg_wr_mode.1m        |Uncommitted   |Manpage      |
|/usr/share/man/man1m/sg_stpg.1m           |Uncommitted   |Manpage      |
|/usr/share/man/man1m/sg_persist.1m        |Uncommitted   |Manpage      |
|/usr/share/man/man1m/sg_ses.1m            |Uncommitted   |Manpage      |
|/usr/share/man/man1m/sg_opcodes.1m        |Uncommitted   |Manpage      |
|/usr/share/man/man1m/sg_get_config.1m     |Uncommitted   |Manpage      |
|/usr/share/man/man1m/sg_read_buffer.1m    |Uncommitted   |Manpage      |
|/usr/share/man/man1m/sg_luns.1m           |Uncommitted   |Manpage      |
|/usr/share/man/man1m/sg_requests.1m       |Uncommitted   |Manpage      |
|/usr/share/man/man1m/sg_prevent.1m        |Uncommitted   |Manpage      |
|/usr/share/man/man1m/sg_rdac.1m           |Uncommitted   |Manpage      |
|/usr/share/man/man1m/sg_rtpg.1m           |Uncommitted   |Manpage      |
|/usr/share/man/man1m/sg_sat_identify.1m   |Uncommitted   |Manpage      |
|/usr/share/man/man1m/sg_sat_phy_event.1m  |Uncommitted   |Manpage      |
|/usr/share/man/man1m/sg_start.1m          |Uncommitted   |Manpage      |
|/usr/share/man/man1m/sg_verify.1m         |Uncommitted   |Manpage      |
|/usr/share/man/man1m/sg_modes.1m          |Uncommitted   |Manpage      |
|/usr/share/man/man1m/sg_readcap.1m        |Uncommitted   |Manpage      |
|/usr/share/man/man1m/                     |Uncommitted   |Manpage      |
|sg_sat_set_features.1m                    |              |             |
|/usr/share/man/man1m/sg_rmsn.1m           |Uncommitted   |Manpage      |
|/usr/share/man/man1m/sg3_utils.1m         |Uncommitted   |Manpage      |
|/usr/share/man/man1m/sg_ident.1m          |Uncommitted   |Manpage      |
|/usr/share/man/man1m/sg_vpd.1m            |Uncommitted   |Manpage      |
|/usr/share/man/man1m/sg_inq.1m            |Uncommitted   |Manpage      |
|/usr/share/man/man1m/sg_raw.1m            |Uncommitted   |Manpage      |
|/usr/share/man/man1m/sg_turs.1m           |Uncommitted   |Manpage      |
|/usr/share/man/man1m/sg_sync.1m           |Uncommitted   |Manpage      |
|/usr/share/man/man1m/sg_logs.1m           |Uncommitted   |Manpage      |
|/usr/share/man/man1m/sg_format.1m         |Uncommitted   |Manpage      |
|/usr/share/man/man1m/sg_reassign.1m       |Uncommitted   |Manpage      |
|/usr/share/man/man1m/sg_write_long.1m     |Uncommitted   |Manpage      |
|/usr/share/man/man1m/sg_write_buffer.1m   |Uncommitted   |Manpage      |
|__________________________________________|______________|_____________|

The project imports the following interfaces.
 _____________________________________________________________________________
|                            Interfaces Imported                            |
|_____________________________|_________________________|___________________|
|Interface                    | Classification          | Comments          |
|_____________________________|_________________________|___________________|
|USCSICMD                     | Committed               |PSARC 1997/288     |
|                             | (originally Evolving)   |Reference [3,4]    |
|_____________________________|_________________________|___________________|

4. Opinion

All these utilities send SCSI commands by operating on device files
through an existing interface, namely USCSICMD. By Solaris design, this
interface requires the calling process to hold the sys_devices
privilege. This project neither delivers the device files nor sets the
access policy for them. Even to read from a SCSI device, write
authorization on these device files is required, because the SCSI
commands have to be "sent" to the device.

Some ARC members felt that compatibility with the RBAC subsystem of
Solaris is required and that there should be two new RBAC profiles for
these commands. Refer to Appendix B for details.

Other members felt that because these commands can be destructive, it
may be better not to hand them out to someone via RBAC profiles at all
(doing so could be essentially equivalent to handing out all privileges
and uid=0). In that case no RBAC profiles for these utilities are
necessary.

It should be noted that the advisability of exposing this functionality
was also discussed extensively during the original USCSI case [4], but
the ARC concluded that the benefits outweighed the risk in that case.

5. Minority Opinion(s)

None

6. Advisory Information

None

7. Appendices

7.1. Appendix A: Technical Changes Required

None

7.2. Appendix B: Technical Changes Advised

RBAC Profiles (SCSI Device Info, SCSI Device Management)

[usr/src/lib/libsecdb/prof_attr]

SCSI Device Info:::Inquiry, read device information:help=RtSCSIDevInfo.html
SCSI Device Management:::Manage, modify device status or data:profiles=SCSI Device Info;help=RtSCSIDevMngmnt.html

[usr/src/lib/libsecdb/exec_attr]

SCSI Device Info:solaris:cmd:::/usr/sbin/sg_get_config:euid=0;privs=file_dac_read,file_dac_write,sys_devices
SCSI Device Info:solaris:cmd:::/usr/sbin/sg_ident:euid=0;privs=file_dac_read,file_dac_write,sys_devices
SCSI Device Info:solaris:cmd:::/usr/sbin/sg_inq:euid=0;privs=file_dac_read,file_dac_write,sys_devices
SCSI Device Info:solaris:cmd:::/usr/sbin/sg_logs:euid=0;privs=file_dac_read,file_dac_write,sys_devices
SCSI Device Info:solaris:cmd:::/usr/sbin/sg_luns:euid=0;privs=file_dac_read,file_dac_write,sys_devices
SCSI Device Info:solaris:cmd:::/usr/sbin/sg_modes:euid=0;privs=file_dac_read,file_dac_write,sys_devices
SCSI Device Info:solaris:cmd:::/usr/sbin/sg_opcodes:euid=0;privs=file_dac_read,file_dac_write,sys_devices
SCSI Device Info:solaris:cmd:::/usr/sbin/sg_read_buffer:euid=0;privs=file_dac_read,file_dac_write,sys_devices
SCSI Device Info:solaris:cmd:::/usr/sbin/sg_read_long:euid=0;privs=file_dac_read,file_dac_write,sys_devices
SCSI Device Info:solaris:cmd:::/usr/sbin/sg_readcap:euid=0;privs=file_dac_read,file_dac_write,sys_devices
SCSI Device Info:solaris:cmd:::/usr/sbin/sg_requests:euid=0;privs=file_dac_read,file_dac_write,sys_devices
SCSI Device Info:solaris:cmd:::/usr/sbin/sg_rmsn:euid=0;privs=file_dac_read,file_dac_write,sys_devices
SCSI Device Info:solaris:cmd:::/usr/sbin/sg_rtpg:euid=0;privs=file_dac_read,file_dac_write,sys_devices
SCSI Device Info:solaris:cmd:::/usr/sbin/sg_safte:euid=0;privs=file_dac_read,file_dac_write,sys_devices
SCSI Device Info:solaris:cmd:::/usr/sbin/sg_sat_identify:euid=0;privs=file_dac_read,file_dac_write,sys_devices
SCSI Device Info:solaris:cmd:::/usr/sbin/sg_sat_phy_event:euid=0;privs=file_dac_read,file_dac_write,sys_devices
SCSI Device Info:solaris:cmd:::/usr/sbin/sg_vpd:euid=0;privs=file_dac_read,file_dac_write,sys_devices
SCSI Device Management:solaris:cmd:::/usr/sbin/sg_sync:euid=0;privs=file_dac_read,file_dac_write,sys_devices
SCSI Device Management:solaris:cmd:::/usr/sbin/sg_persist:euid=0;privs=file_dac_read,file_dac_write,sys_devices
SCSI Device Management:solaris:cmd:::/usr/sbin/sg_prevent:euid=0;privs=file_dac_read,file_dac_write,sys_devices
SCSI Device Management:solaris:cmd:::/usr/sbin/sg_raw:euid=0;privs=file_dac_read,file_dac_write,sys_devices
SCSI Device Management:solaris:cmd:::/usr/sbin/sg_rdac:euid=0;privs=file_dac_read,file_dac_write,sys_devices
SCSI Device Management:solaris:cmd:::/usr/sbin/sg_reassign:euid=0;privs=file_dac_read,file_dac_write,sys_devices
SCSI Device Management:solaris:cmd:::/usr/sbin/sg_sat_set_features:euid=0;privs=file_dac_read,file_dac_write,sys_devices
SCSI Device Management:solaris:cmd:::/usr/sbin/sg_senddiag:euid=0;privs=file_dac_read,file_dac_write,sys_devices
SCSI Device Management:solaris:cmd:::/usr/sbin/sg_ses:euid=0;privs=file_dac_read,file_dac_write,sys_devices
SCSI Device Management:solaris:cmd:::/usr/sbin/sg_start:euid=0;privs=file_dac_read,file_dac_write,sys_devices
SCSI Device Management:solaris:cmd:::/usr/sbin/sg_stpg:euid=0;privs=file_dac_read,file_dac_write,sys_devices
SCSI Device Management:solaris:cmd:::/usr/sbin/sg_sync:euid=0;privs=file_dac_read,file_dac_write,sys_devices
SCSI Device Management:solaris:cmd:::/usr/sbin/sg_turs:euid=0;privs=file_dac_read,file_dac_write,sys_devices
SCSI Device Management:solaris:cmd:::/usr/sbin/sg_verify:euid=0;privs=file_dac_read,file_dac_write,sys_devices
SCSI Device Management:solaris:cmd:::/usr/sbin/sg_wr_mode:euid=0;privs=file_dac_read,file_dac_write,sys_devices
SCSI Device Management:solaris:cmd:::/usr/sbin/sg_write_buffer:euid=0;privs=file_dac_read,file_dac_write,sys_devices
SCSI Device Management:solaris:cmd:::/usr/sbin/sg_write_long:euid=0;privs=file_dac_read,file_dac_write,sys_devices

7.3. Appendix C: Reference Material

Unless stated otherwise, path names are relative to the case directory:
PSARC/2008/683.

1. FOSS Check List
   File: sg3utils-indiana-checklist.txt
2. Fasttrack
   File: sg3utils-fasttrack.txt
3. USCSICMD manpage
   Link: http://sac.sfbay/SHARC/2001/593/materials/inception.10-17-01/uscsi.html
4. USCSI PSARC 1997/288
   Mail discussion: http://sac.sfbay/PSARC/1997/288/mail
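
Added example (not part of the ARC opinion or the project's materials): a small Python audit over the Appendix B exec_attr entries, assuming the exec_attr(4) field layout name:policy:type:res1:res2:id:attr. It reports repeated (profile, command) pairs and checks whether the two proposed profiles hand out the same euid/privs grant, in which case they differ only in their command lists; the function names and the embedded subset of entries are chosen for this illustration.

```python
from collections import Counter

# Sample input: a subset of the Appendix B exec_attr entries, assembled here
# for the example (it includes the sg_sync line that appears twice).
GRANT = "euid=0;privs=file_dac_read,file_dac_write,sys_devices"
SAMPLE = "\n".join([
    "SCSI Device Info:solaris:cmd:::/usr/sbin/sg_inq:" + GRANT,
    "SCSI Device Info:solaris:cmd:::/usr/sbin/sg_readcap:" + GRANT,
    "SCSI Device Management:solaris:cmd:::/usr/sbin/sg_sync:" + GRANT,
    "SCSI Device Management:solaris:cmd:::/usr/sbin/sg_raw:" + GRANT,
    "SCSI Device Management:solaris:cmd:::/usr/sbin/sg_sync:" + GRANT,
])


def parse_exec_attr(text):
    """Parse exec_attr lines into (profile, cmd, euid, privs) tuples."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":", 6)
        if len(fields) != 7:
            raise ValueError("malformed exec_attr line: %r" % line)
        profile, _policy, _type, _res1, _res2, cmd, attr = fields
        attrs = dict(kv.split("=", 1) for kv in attr.split(";") if "=" in kv)
        privs = frozenset(p for p in attrs.get("privs", "").split(",") if p)
        entries.append((profile, cmd, attrs.get("euid"), privs))
    return entries


def audit(entries):
    """Return (duplicates, grants): repeated (profile, cmd) pairs and the
    set of distinct (euid, privs) grants each profile hands out."""
    counts = Counter((profile, cmd) for profile, cmd, _, _ in entries)
    duplicates = sorted(key for key, n in counts.items() if n > 1)
    grants = {}
    for profile, _cmd, euid, privs in entries:
        grants.setdefault(profile, set()).add((euid, privs))
    return duplicates, grants


def same_grant(grants, a, b):
    """True when two profiles differ only in their command lists."""
    return grants[a] == grants[b]


if __name__ == "__main__":
    dups, grants = audit(parse_exec_attr(SAMPLE))
    for profile, cmd in dups:
        print("duplicate entry: %s -> %s" % (profile, cmd))
    if same_grant(grants, "SCSI Device Info", "SCSI Device Management"):
        print("both profiles grant identical euid/privs; only commands differ")
```
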